3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-04 11:42:33 +01:00

scan: refactor start_next_scan_request to not send duplicate requests

If start_scan_next_request() is called while a scan request
(NL80211_CMD_TRIGGER_SCAN) is still running, the same scan request will
be sent again. Add a check in the function to avoid sending a request if
one is already in progress. For consistency, check also that scan
results are not being requested (NL80211_CMD_GET_SCAN), before trying to
send the next scan request. Finally, remove similar checks at
start_next_scan_request() callsites to simplify the code.

This also fixes a crash that occurs if the following conditions are met:
  - the duplicated request is the only request in the scan request
    queue, and
  - both scan requests fail with an error not EBUSY.

In this case, the first callback to scan_request_triggered() will delete
the request from the scan request queue. The second callback will find
an empty queue and consequently pass a NULL scan_request pointer to
scan_request_failed(), causing a segmentation fault.
This commit is contained in:
Alvin Šipraga 2020-06-08 10:42:07 +02:00 committed by Denis Kenzior
parent 5c7f064f26
commit 8db4d9272a

View File

@ -842,6 +842,9 @@ static bool start_next_scan_request(struct scan_context *sc)
if (sc->state != SCAN_STATE_NOT_RUNNING) if (sc->state != SCAN_STATE_NOT_RUNNING)
return true; return true;
if (sc->start_cmd_id || sc->get_scan_cmd_id)
return true;
while (sr) { while (sr) {
if (!scan_request_send_trigger(sc, sr)) if (!scan_request_send_trigger(sc, sr))
return true; return true;
@ -1668,7 +1671,7 @@ static void scan_notify(struct l_genl_msg *msg, void *user_data)
/* An external scan may have flushed our results */ /* An external scan may have flushed our results */
if (sc->started && scan_parse_flush_flag_from_msg(msg)) if (sc->started && scan_parse_flush_flag_from_msg(msg))
scan_finished(sc, -EAGAIN, NULL, sr); scan_finished(sc, -EAGAIN, NULL, sr);
else if (sr && !sc->start_cmd_id) else
send_next = true; send_next = true;
sr = NULL; sr = NULL;
@ -1719,7 +1722,7 @@ static void scan_notify(struct l_genl_msg *msg, void *user_data)
sc->triggered = false; sc->triggered = false;
scan_finished(sc, -ECANCELED, NULL, sr); scan_finished(sc, -ECANCELED, NULL, sr);
} else if (sr && !sc->start_cmd_id && !sc->get_scan_cmd_id) { } else {
/* /*
* If this was an external scan that got aborted * If this was an external scan that got aborted
* we may be able to now queue our own scan although * we may be able to now queue our own scan although